
fix: vulnerabilities in dependencies #1965

Merged
merged 1 commit into from
Dec 10, 2024

saikumarrs
Member

PR Description

I've addressed all the vulnerabilities in the dependencies.

Snyk reports
Before:

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Tested 89 dependencies for known issues, found 1 issue, 1 vulnerable path.


Issues to fix by upgrading:

  Upgrade [email protected] to [email protected] to fix
  ✗ Cross-site Scripting (XSS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6671926] in [email protected]
    introduced by [email protected]



Organization:      rudder-qa
Package manager:   npm
Target file:       package.json
Project name:      @rudderstack/analytics-js-monorepo
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-js/package.json
Project name:      @rudderstack/analytics-js
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 23 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-js-common/package.json
Project name:      @rudderstack/analytics-js-common
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 17 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-js-cookies/package.json
Project name:      @rudderstack/analytics-js-cookies
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 18 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-js-integrations/package.json
Project name:      @rudderstack/analytics-js-integrations
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 32 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-js-plugins/package.json
Project name:      @rudderstack/analytics-js-plugins
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 21 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Tested 62 dependencies for known issues, found 1 issue, 1 vulnerable path.


Issues to fix by upgrading:

  Upgrade [email protected] to [email protected] to fix
  ✗ Cross-site Scripting (XSS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6671926] in [email protected]
    introduced by [email protected]



Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-js-service-worker/package.json
Project name:      @rudderstack/analytics-js-service-worker
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-v1.1/package.json
Project name:      rudder-sdk-js
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 18 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/loading-scripts/package.json
Project name:      @rudderstack/analytics-js-loading-scripts
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 24 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/sanity-suite/package.json
Project name:      @rudderstack/analytics-js-sanity-suite
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 27 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       examples/angular/sample-app/package-lock.json
Project name:      sample-app
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 12 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Tested 1311 dependencies for known issues, found 7 issues, 14 vulnerable paths.


Issues with no direct upgrade or patch:
  ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6671926] in [email protected]
    introduced by [email protected] > [email protected]
  This issue was fixed in versions: 1.7.8
  ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-COOKIE-8163060] in [email protected]
    introduced by [email protected] > [email protected] and 2 other path(s)
  This issue was fixed in versions: 0.7.0
  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230] in [email protected]
    introduced by [email protected] > [email protected] > [email protected] and 4 other path(s)
  This issue was fixed in versions: 6.0.6, 7.0.5
  ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in [email protected]
    introduced by [email protected] > @graphql-codegen/[email protected] > @graphql-codegen/[email protected] > @graphql-tools/[email protected] > @ardatan/[email protected] > [email protected] > [email protected]
  No upgrade or patch available
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-NANOID-8492085] in [email protected]
    introduced by [email protected] > [email protected] > [email protected] > [email protected]
  This issue was fixed in versions: 3.3.8, 5.0.9
  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416] in [email protected]
    introduced by [email protected] > [email protected] and 1 other path(s)
  This issue was fixed in versions: 0.1.12


License issues:

  ✗ MPL-2.0 license [Medium Severity][https://snyk.io/vuln/snyk:lic:npm:axe-core:MPL-2.0] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]



Organization:      rudder-qa
Package manager:   npm
Target file:       examples/gatsby/sample-gatsby-plugin-usage/package-lock.json
Project name:      sample-using-gatsby-plugin
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Tested 1295 dependencies for known issues, found 7 issues, 14 vulnerable paths.


Issues with no direct upgrade or patch:
  ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6671926] in [email protected]
    introduced by [email protected] > [email protected]
  This issue was fixed in versions: 1.7.8
  ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-COOKIE-8163060] in [email protected]
    introduced by [email protected] > [email protected] and 2 other path(s)
  This issue was fixed in versions: 0.7.0
  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230] in [email protected]
    introduced by [email protected] > [email protected] > [email protected] and 4 other path(s)
  This issue was fixed in versions: 6.0.6, 7.0.5
  ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in [email protected]
    introduced by [email protected] > @graphql-codegen/[email protected] > @graphql-codegen/[email protected] > @graphql-tools/[email protected] > @ardatan/[email protected] > [email protected] > [email protected]
  No upgrade or patch available
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-NANOID-8492085] in [email protected]
    introduced by [email protected] > [email protected] > [email protected] > [email protected]
  This issue was fixed in versions: 3.3.8, 5.0.9
  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416] in [email protected]
    introduced by [email protected] > [email protected] and 1 other path(s)
  This issue was fixed in versions: 0.1.12


License issues:

  ✗ MPL-2.0 license [Medium Severity][https://snyk.io/vuln/snyk:lic:npm:axe-core:MPL-2.0] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]



Organization:      rudder-qa
Package manager:   npm
Target file:       examples/gatsby/sample-gatsby-site/package-lock.json
Project name:      sample-gatsby-site
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       examples/serverless/cloudflare-worker/package-lock.json
Project name:      example-cloudflare-worker
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 8 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Tested 143 dependencies for known issues, found 2 issues, 4 vulnerable paths.


Issues with no direct upgrade or patch:
  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230] in [email protected]
    introduced by [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
  This issue was fixed in versions: 6.0.6, 7.0.5
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-NANOID-8492085] in [email protected]
    introduced by [email protected] > [email protected] and 2 other path(s)
  This issue was fixed in versions: 3.3.8, 5.0.9



Organization:      rudder-qa
Package manager:   npm
Target file:       examples/serverless/vercel-edge/package-lock.json
Project name:      example-vercel-edge
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

✗ Low severity vulnerability found in twig/twig
  Description: Protection Mechanism Failure
  Info: https://security.snyk.io/vuln/SNYK-PHP-TWIGTWIG-8349790
  Introduced through: twig/[email protected], symfony/[email protected], twig/[email protected]
  From: twig/[email protected]
  From: symfony/[email protected] > twig/[email protected]
  From: twig/[email protected] > twig/[email protected]
  and 3 more...
  Fixed in: 3.11.2, 3.14.1

✗ Low severity vulnerability found in twig/twig
  Description: Protection Mechanism Failure
  Info: https://security.snyk.io/vuln/SNYK-PHP-TWIGTWIG-8349791
  Introduced through: twig/[email protected], symfony/[email protected], twig/[email protected]
  From: twig/[email protected]
  From: symfony/[email protected] > twig/[email protected]
  From: twig/[email protected] > twig/[email protected]
  and 3 more...
  Fixed in: 3.11.2, 3.14.1

✗ Medium severity vulnerability found in symfony/security-bundle
  Description: Improper Authorization
  Info: https://security.snyk.io/vuln/SNYK-PHP-SYMFONYSECURITYBUNDLE-8344797
  Introduced through: symfony/[email protected]
  From: symfony/[email protected]
  Fixed in: 6.4.10, 7.0.10, 7.1.3

✗ Medium severity vulnerability found in symfony/process
  Description: Arbitrary Code Injection
  Info: https://security.snyk.io/vuln/SNYK-PHP-SYMFONYPROCESS-8344728
  Introduced through: symfony/[email protected]
  From: symfony/[email protected]
  Fixed in: 5.4.46, 6.4.14, 7.1.7

✗ Medium severity vulnerability found in symfony/http-foundation
  Description: Open Redirect
  Info: https://security.snyk.io/vuln/SNYK-PHP-SYMFONYHTTPFOUNDATION-8344761
  Introduced through: symfony/[email protected], symfony/[email protected], symfony/[email protected], symfony/[email protected], doctrine/[email protected], doctrine/[email protected], symfony/[email protected], twig/[email protected]
  From: symfony/[email protected] > symfony/[email protected]
  From: symfony/[email protected] > symfony/[email protected]
  From: symfony/[email protected] > symfony/[email protected]
  and 20 more...
  Fixed in: 5.4.46, 6.4.14, 7.1.7

✗ Medium severity vulnerability found in symfony/http-client
  Description: Insertion of Sensitive Information Into Sent Data
  Info: https://security.snyk.io/vuln/SNYK-PHP-SYMFONYHTTPCLIENT-8344765
  Introduced through: symfony/[email protected]
  From: symfony/[email protected]
  Fixed in: 5.4.46, 6.4.14, 7.1.7

✗ High severity vulnerability found in symfony/security-http
  Description: Authentication Bypass
  Info: https://security.snyk.io/vuln/SNYK-PHP-SYMFONYSECURITYHTTP-8378053
  Introduced through: symfony/[email protected]
  From: symfony/[email protected] > symfony/[email protected]
  From: symfony/[email protected] > symfony/[email protected] > symfony/[email protected]
  Fixed in: 5.4.47, 6.4.15, 7.1.8



Organization:      rudder-qa
Package manager:   composer
Target file:       examples/symfony/sample/composer.lock
Project name:      sample
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

Tested 105 dependencies for known issues, found 7 issues, 40 vulnerable paths.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       examples/symfony/sample/package-lock.json
Project name:      package.json
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 1 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.


Tested 17 projects, 6 contained vulnerable paths.

After:

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       package.json
Project name:      @rudderstack/analytics-js-monorepo
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 89 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-js/package.json
Project name:      @rudderstack/analytics-js
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 23 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-js-common/package.json
Project name:      @rudderstack/analytics-js-common
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 17 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-js-cookies/package.json
Project name:      @rudderstack/analytics-js-cookies
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 18 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-js-integrations/package.json
Project name:      @rudderstack/analytics-js-integrations
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 32 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-js-plugins/package.json
Project name:      @rudderstack/analytics-js-plugins
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 21 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-js-service-worker/package.json
Project name:      @rudderstack/analytics-js-service-worker
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 62 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/analytics-v1.1/package.json
Project name:      rudder-sdk-js
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 18 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/loading-scripts/package.json
Project name:      @rudderstack/analytics-js-loading-scripts
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 24 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       packages/sanity-suite/package.json
Project name:      @rudderstack/analytics-js-sanity-suite
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 27 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       examples/angular/sample-app/package-lock.json
Project name:      sample-app
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 12 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Tested 1288 dependencies for known issues, found 2 issues, 2 vulnerable paths.


Issues with no direct upgrade or patch:
  ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in [email protected]
    introduced by [email protected] > @graphql-codegen/[email protected] > @graphql-codegen/[email protected] > @graphql-tools/[email protected] > @ardatan/[email protected] > [email protected] > [email protected]
  No upgrade or patch available


License issues:

  ✗ MPL-2.0 license [Medium Severity][https://snyk.io/vuln/snyk:lic:npm:axe-core:MPL-2.0] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]



Organization:      rudder-qa
Package manager:   npm
Target file:       examples/gatsby/sample-gatsby-plugin-usage/package-lock.json
Project name:      sample-using-gatsby-plugin
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Tested 1273 dependencies for known issues, found 2 issues, 2 vulnerable paths.


Issues with no direct upgrade or patch:
  ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in [email protected]
    introduced by [email protected] > @graphql-codegen/[email protected] > @graphql-codegen/[email protected] > @graphql-tools/[email protected] > @ardatan/[email protected] > [email protected] > [email protected]
  No upgrade or patch available


License issues:

  ✗ MPL-2.0 license [Medium Severity][https://snyk.io/vuln/snyk:lic:npm:axe-core:MPL-2.0] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]



Organization:      rudder-qa
Package manager:   npm
Target file:       examples/gatsby/sample-gatsby-site/package-lock.json
Project name:      sample-gatsby-site
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       examples/serverless/cloudflare-worker/package-lock.json
Project name:      example-cloudflare-worker
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 8 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Tested 166 dependencies for known issues, found 8 issues, 16 vulnerable paths.


License issues:

  ✗ LGPL-3.0 license [Medium Severity][https://snyk.io/vuln/snyk:lic:npm:img:sharp-libvips-linuxmusl-x64:LGPL-3.0] in @img/[email protected]
    introduced by [email protected] > [email protected] > @img/[email protected] and 1 other path(s)

  ✗ LGPL-3.0 license [Medium Severity][https://snyk.io/vuln/snyk:lic:npm:img:sharp-libvips-linuxmusl-arm64:LGPL-3.0] in @img/[email protected]
    introduced by [email protected] > [email protected] > @img/[email protected] and 1 other path(s)

  ✗ LGPL-3.0 license [Medium Severity][https://snyk.io/vuln/snyk:lic:npm:img:sharp-libvips-linux-x64:LGPL-3.0] in @img/[email protected]
    introduced by [email protected] > [email protected] > @img/[email protected] and 1 other path(s)

  ✗ LGPL-3.0 license [Medium Severity][https://snyk.io/vuln/snyk:lic:npm:img:sharp-libvips-linux-s390x:LGPL-3.0] in @img/[email protected]
    introduced by [email protected] > [email protected] > @img/[email protected] and 1 other path(s)

  ✗ LGPL-3.0 license [Medium Severity][https://snyk.io/vuln/snyk:lic:npm:img:sharp-libvips-linux-arm64:LGPL-3.0] in @img/[email protected]
    introduced by [email protected] > [email protected] > @img/[email protected] and 1 other path(s)

  ✗ LGPL-3.0 license [Medium Severity][https://snyk.io/vuln/snyk:lic:npm:img:sharp-libvips-linux-arm:LGPL-3.0] in @img/[email protected]
    introduced by [email protected] > [email protected] > @img/[email protected] and 1 other path(s)

  ✗ LGPL-3.0 license [Medium Severity][https://snyk.io/vuln/snyk:lic:npm:img:sharp-libvips-darwin-x64:LGPL-3.0] in @img/[email protected]
    introduced by [email protected] > [email protected] > @img/[email protected] and 1 other path(s)

  ✗ LGPL-3.0 license [Medium Severity][https://snyk.io/vuln/snyk:lic:npm:img:sharp-libvips-darwin-arm64:LGPL-3.0] in @img/[email protected]
    introduced by [email protected] > [email protected] > @img/[email protected] and 1 other path(s)



Organization:      rudder-qa
Package manager:   npm
Target file:       examples/serverless/vercel-edge/package-lock.json
Project name:      example-vercel-edge
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   composer
Target file:       examples/symfony/sample/composer.lock
Project name:      sample
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 104 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Volumes/Workspace/Repositories/rudder-sdk-js...

Organization:      rudder-qa
Package manager:   npm
Target file:       examples/symfony/sample/package-lock.json
Project name:      package.json
Open source:       no
Project path:      /Volumes/Workspace/Repositories/rudder-sdk-js
Licenses:          enabled

✔ Tested 1 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.


Tested 17 projects, 3 contained vulnerable paths.

Note: Some of the vulnerabilities are due to licenses, and others do not have a fix available.

Linear task (optional)

https://linear.app/rudderstack/issue/SDK-2681/address-snyk-vulnerabilities

Cross Browser Tests

Please confirm you have tested for the following browsers:

  • Chrome
  • Firefox
  • IE11

Sanity Suite

  • All sanity suite test cases pass locally

Security

  • The code changed/added as part of this pull request won't create any security issues with how the software is being used.

@saikumarrs saikumarrs self-assigned this Dec 10, 2024
@saikumarrs saikumarrs requested a review from a team as a code owner December 10, 2024 06:25
Contributor

coderabbitai bot commented Dec 10, 2024

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (13)
  • examples/gatsby/sample-gatsby-plugin-usage/package-lock.json is excluded by !**/package-lock.json, !**/*.json
  • examples/gatsby/sample-gatsby-plugin-usage/package.json is excluded by !**/*.json
  • examples/gatsby/sample-gatsby-site/package-lock.json is excluded by !**/package-lock.json, !**/*.json
  • examples/gatsby/sample-gatsby-site/package.json is excluded by !**/*.json
  • examples/serverless/vercel-edge/package-lock.json is excluded by !**/package-lock.json, !**/*.json
  • examples/serverless/vercel-edge/package.json is excluded by !**/*.json
  • examples/symfony/sample/composer.json is excluded by !**/*.json
  • examples/symfony/sample/composer.lock is excluded by !**/*.lock, !**/*.lock
  • examples/symfony/sample/package-lock.json is excluded by !**/package-lock.json, !**/*.json
  • examples/symfony/sample/package.json is excluded by !**/*.json
  • package-lock.json is excluded by !**/package-lock.json, !**/*.json
  • package.json is excluded by !**/*.json
  • packages/analytics-js-service-worker/package.json is excluded by !**/*.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


codecov bot commented Dec 10, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 61.89%. Comparing base (f946102) to head (b43fe43).
Report is 1 commits behind head on develop.

Additional details and impacted files
@@           Coverage Diff            @@
##           develop    #1965   +/-   ##
========================================
  Coverage    61.89%   61.89%           
========================================
  Files          484      484           
  Lines        16610    16610           
  Branches      3351     3335   -16     
========================================
  Hits         10280    10280           
- Misses        5083     5095   +12     
+ Partials      1247     1235   -12     



sonarcloud bot commented Dec 10, 2024

@saikumarrs saikumarrs merged commit 61e1e6e into develop Dec 10, 2024
12 checks passed
@saikumarrs saikumarrs deleted the fix.vulnerabilities-sdk-2681 branch December 10, 2024 06:35

size-limit report 📦

| Name | Size (Base) | Size (Current) | Size Limit | Status |
|---|---|---|---|---|
| Plugins Module Federation Mapping - Legacy - CDN | 332 B | 332 B (0%) | 512 B | |
| Plugins - Legacy - CDN | 15.75 KB | 15.75 KB (0%) | 16 KB | |
| Plugins Module Federation Mapping - Modern - CDN | 331 B | 331 B (0%) | 512 B | |
| Plugins - Modern - CDN | 7.2 KB | 7.2 KB (0%) | 7.5 KB | |
| Common - No bundling | 17.84 KB | 17.83 KB (-0.05% ▼) | 18.4 KB | |
| Cookies Utils - Legacy - NPM (ESM) | 1.54 KB | 1.54 KB (0%) | 2 KB | |
| Cookies Utils - Legacy - NPM (CJS) | 1.75 KB | 1.75 KB (0%) | 2 KB | |
| Cookies Utils - Legacy - NPM (UMD) | 1.53 KB | 1.53 KB (0%) | 2 KB | |
| Cookies Utils - Modern - NPM (ESM) | 1.17 KB | 1.17 KB (0%) | 1.5 KB | |
| Cookies Utils - Modern - NPM (CJS) | 1.4 KB | 1.4 KB (0%) | 1.5 KB | |
| Cookies Utils - Modern - NPM (UMD) | 1.16 KB | 1.16 KB (0%) | 1.5 KB | |
| Load Snippet | 758 B | 758 B (0%) | 1 KB | |
| Core (v1.1) - NPM (ESM) | 30.29 KB | 30.29 KB (0%) | 32 KB | |
| Core (v1.1) - NPM (CJS) | 30.46 KB | 30.46 KB (0%) | 32 KB | |
| Core (v1.1) - NPM (UMD) | 30.31 KB | 30.31 KB (0%) | 32 KB | |
| Core (Content Script - v1.1) - NPM (ESM) | 29.79 KB | 29.79 KB (0%) | 30.5 KB | |
| Core (Content Script - v1.1) - NPM (CJS) | 29.97 KB | 29.97 KB (0%) | 30.5 KB | |
| Core (Content Script - v1.1) - NPM (UMD) | 29.82 KB | 29.82 KB (0%) | 30 KB | |
| Core - Legacy - CDN | 48.84 KB | 48.84 KB (0%) | 49 KB | |
| Core - Modern - CDN | 24.99 KB | 24.99 KB (0%) | 25.5 KB | |
| Core - Legacy - NPM (ESM) | 48.69 KB | 48.69 KB (0%) | 49 KB | |
| Core - Legacy - NPM (CJS) | 48.97 KB | 48.97 KB (0%) | 49.1 KB | |
| Core - Legacy - NPM (UMD) | 48.76 KB | 48.76 KB (0%) | 49 KB | |
| Core - Modern - NPM (ESM) | 24.74 KB | 24.74 KB (0%) | 25 KB | |
| Core - Modern - NPM (CJS) | 24.96 KB | 24.96 KB (0%) | 25.5 KB | |
| Core - Modern - NPM (UMD) | 24.79 KB | 24.79 KB (0%) | 25 KB | |
| Core (Bundled) - Legacy - NPM (ESM) | 48.69 KB | 48.69 KB (0%) | 49 KB | |
| Core (Bundled) - Legacy - NPM (CJS) | 48.98 KB | 48.98 KB (0%) | 49 KB | |
| Core (Bundled) - Legacy - NPM (UMD) | 48.76 KB | 48.76 KB (0%) | 49 KB | |
| Core (Bundled) - Modern - NPM (ESM) | 39.72 KB | 39.72 KB (0%) | 40 KB | |
| Core (Bundled) - Modern - NPM (CJS) | 40.03 KB | 40.03 KB (0%) | 40.5 KB | |
| Core (Bundled) - Modern - NPM (UMD) | 39.77 KB | 39.77 KB (0%) | 40 KB | |
| Core (Content Script) - Legacy - NPM (ESM) | 48.2 KB | 48.2 KB (0%) | 48.5 KB | |
| Core (Content Script) - Legacy - NPM (CJS) | 48.44 KB | 48.44 KB (0%) | 48.5 KB | |
| Core (Content Script) - Legacy - NPM (UMD) | 48.19 KB | 48.19 KB (0%) | 48.5 KB | |
| Core (Content Script) - Modern - NPM (ESM) | 39.2 KB | 39.2 KB (0%) | 39.5 KB | |
| Core (Content Script) - Modern - NPM (CJS) | 39.48 KB | 39.48 KB (0%) | 40 KB | |
| Core (Content Script) - Modern - NPM (UMD) | 39.24 KB | 39.24 KB (0%) | 39.5 KB | |
| Service Worker - Legacy - NPM (ESM) | 30.6 KB | 30.59 KB (-0.05% ▼) | 31 KB | |
| Service Worker - Legacy - NPM (CJS) | 30.85 KB | 30.83 KB (-0.08% ▼) | 31 KB | |
| Service Worker - Legacy - NPM (UMD) | 30.64 KB | 30.6 KB (-0.15% ▼) | 31 KB | |
| Service Worker - Modern - NPM (ESM) | 25.75 KB | 25.72 KB (-0.11% ▼) | 26 KB | |
| Service Worker - Modern - NPM (CJS) | 26.01 KB | 25.96 KB (-0.2% ▼) | 26.5 KB | |
| Service Worker - Modern - NPM (UMD) | 25.77 KB | 25.74 KB (-0.13% ▼) | 26 KB | |
| All Integrations - Legacy - CDN | 94.64 KB | 94.64 KB (0%) | 95.3 KB | |
| All Integrations - Modern - CDN | 90.08 KB | 90.08 KB (0%) | 91 KB | |
